Holger Zuleger | 29 Aug 2005 14:09

Automatic route add/del instead of supernetting

Hi,

I have a question about the routing to the tun device.

As I understand the tincd VPN solution, each side can add and delete
subnets to the VPN, and these "routing" updates are sent to every
participating VPN node, so every node knows all subnets and the node
to which the traffic for each of them should be sent.

But, besides this, the operating system needs a way to distinguish
between traffic destined for the VPN, which has to be sent to the tun
device, and traffic which should be forwarded via the "external"
interface (for example all traffic sent to a node itself).
To achieve this, each node has to manually add a route to the routing
table for each VPN subnet, pointing to the tun device.
Currently this is easily done with a so-called supernetting
configuration. But this only works if all subnets come from
the same address range.

If a node adds a subnet coming from a completely different address range,
then every node has to change its routing table manually (initially
done via the tinc-up script).

So the question is, is it possible to add some code that adds a specific
route to the kernel whenever a new subnet is announced? The same
should be done if the subnet is withdrawn.
Are there any disadvantages of such a solution (OK, tincd has to be
run as root to modify the kernel routing table)?

If we also add a host route pointing to the "external" device for each

Holger Zuleger | 29 Aug 2005 15:53

Re: Automatic route add/del instead of supernetting

Oops,

it seems that this was an RTFM question.
I installed tincd-1.0.4, but read a hardcopy of the man page of an older
version :-(.

So I will give the subnet-up/down script a try. But for the second part
of my question (host route for every node pointing to the external
device) there is currently no solution, right?

Thanks
Holger

> Miika Keskinen wrote:
> 
>> Hi,
>>
>> If I understood correctly, the functionality you are looking for is
>> already present. There are subnet-up and subnet-down scripts, called
>> whenever a subnet becomes available / unavailable. I have something like
>> OSPF's algorithm which is controlled via a FIFO, and when a subnet becomes
>> available I echo a simple command (route add ... via ... dev ...) to that
>> FIFO and have the listening 'routing daemon' handle the changes.
>>
>> Miika
>>
>>
>> On 14:09 Mon 29 Aug, Holger Zuleger wrote:
>>
>>> Hi,

Guus Sliepen | 31 Aug 2005 18:55

Re: Automatic route add/del instead of supernetting

On Mon, Aug 29, 2005 at 03:53:06PM +0200, Holger Zuleger wrote:

> So I will give the subnet-up/down script a try. But for the second part
> of my question (host route for every node pointing to the external
> device) there is currently no solution, right?

The tinc daemon passes some information to the scripts via environment
variables. One of them, which is also passed to the subnet-up/subnet-down
script, is REMOTEADDRESS, which is set to the address of the node that
owns the subnet. So you can do something like this in subnet-up:

#!/bin/sh
# subnet-up: tincd exports SUBNET, INTERFACE and REMOTEADDRESS for this event
ip route add "$SUBNET" dev "$INTERFACE"          # the announced subnet goes into the tunnel
ip route add "$REMOTEADDRESS" dev eth0           # host route keeps the peer itself on the external device

Of course this assumes that $SUBNET is larger than a single address. If
you want, you can also use the REMOTEPORT environment variable; you'll
need iptables fwmark or the advanced routing options to be able to route
based on port numbers, but it is possible.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus@...>
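A fuller version of the idea in Guus's reply, as an added example that is not from the thread or from the tinc project: one script that tincd can run as both subnet-up and subnet-down (for example through a symlink), so the routes installed when a subnet appears are removed again when it is withdrawn. It assumes the SUBNET, INTERFACE and REMOTEADDRESS variables described above; EXTERNAL_DEV is an assumed name for the outward-facing interface (eth0 in the original snippet), DRY_RUN is an assumed switch that prints the commands instead of executing them, and an empty REMOTEADDRESS is taken to mean one of this node's own subnets. It also handles the case the caveat above points at: when the announced subnet is exactly the peer's own address, the tunnel route and the host route on the external device would be two routes for the same /32, so the script refuses the event instead of installing either.

```shell
#!/bin/sh
# Added example, not tinc's own code: combined subnet-up / subnet-down script.
# Assumed environment from tincd: SUBNET, INTERFACE, REMOTEADDRESS.
# Assumed local settings: EXTERNAL_DEV (outward-facing NIC), DRY_RUN (print only).

EXTERNAL_DEV="${EXTERNAL_DEV:-eth0}"

# Print the ip(8) commands for one event, one per line, without running them.
# $1: "add" or "del"  $2: subnet  $3: tun/tap interface  $4: remote address
# ($4 empty = one of this node's own subnets, which needs no host route).
route_cmds() {
    action="$1" subnet="$2" tun="$3" remote="$4"
    case "$action" in
        add|del) ;;
        *) echo "route_cmds: bad action '$action'" >&2; return 1 ;;
    esac
    if [ -z "$subnet" ] || [ -z "$tun" ]; then
        echo "route_cmds: SUBNET and INTERFACE must be set" >&2
        return 1
    fi
    # Caveat from the reply: a subnet that is just the peer's own address
    # would get a tunnel route and an external host route for the same /32.
    if [ -n "$remote" ]; then
        case "$subnet" in
            "$remote"|"$remote/32")
                echo "route_cmds: $subnet is the peer's own address, refusing" >&2
                return 1 ;;
        esac
    fi
    echo "ip route $action $subnet dev $tun"
    # Host route keeps the encrypted traffic to the peer off the tunnel.
    [ -n "$remote" ] && echo "ip route $action $remote dev $EXTERNAL_DEV"
    return 0
}

# Run (or, with DRY_RUN set, only print) the commands for the current event.
apply_routes() {
    cmds=$(route_cmds "$1" "$SUBNET" "$INTERFACE" "$REMOTEADDRESS") || return 1
    printf '%s\n' "$cmds" | while read -r cmd; do
        if [ -n "$DRY_RUN" ]; then
            echo "$cmd"
        else
            $cmd    # word splitting on purpose: $cmd is a whole command line
        fi
    done
}

# Dispatch on the name tincd invoked us under; under any other name only the
# functions are defined, so the file can be sourced and checked without root.
case "$(basename -- "$0")" in
    subnet-up)   apply_routes add ;;
    subnet-down) apply_routes del ;;
esac
```

Installing the same file as both subnet-up and subnet-down keeps the add and del paths symmetric, which is what makes the routes disappear cleanly when a subnet is withdrawn; the dry-run switch lets the generated commands be inspected before the script is ever run as root.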
